External Auth

Reference an external authentication service for access to specific contents


The External Auth extension allows you to add additional authorization logic in Seismic for users accessing external services and content. This is commonly used in conjunction with other extension points

Common use cases include:

  • Login flow for accessing content surfaces through the Searchextension
  • Related Training
  • External content in DocList (pages widget)

Sample login screen

App Prerequisites

Your app needs to engage with an extension that will interact with this External Auth extension. Today these are:

How it works

High level flow

  1. Based on a user click, Seismic is directed to an external piece of content via Search or an external platform via Main Nav
  2. Seismic will prompt the user to sign into your external service though a click or a pop-up dialogue, based on your configuration
  3. When the user is authenticated, they are able to access the external content or platform

When it's triggered

  • When a user clicks on a Main Nav icon that routes to an external service
  • When a user clicks on a piece of external content that has been exposed via Search or deep-linked in Seismic Pages
    • You can refer to this diagram that shows the authentication flow in the context of accessing external content through the Search extension

Security & Authentication

It is recommended to validate the Signing Secret in the POST request that Seismic is making

How to Configure

Configure the External Auth Extension Point

  • Add the External Auth Extension to your application as described here
  • Configure the fields for this extension, please refer to the table below for definitions and notes
  • Make sure to enable the extension point and click Save Changes
Field nameData typeDescriptionNotes
Extension Instance NamestringThe name by which this extension point is identifiedVisible to tenant admins that install your app
401 ResponsecheckboxIs your auth endpoint going to return a 401 response if the user is not authenticated?
Auth EndpointurlThe endpoint that will be displayed when your user receives a 401 error from your system
Auth Pop outcheckboxlaunches a separate window for auth, instead of a pop-upUseful for pop-up blockers


  • Ensure your app is configured with a signing secret
  • Ensure the extension point is enabled within your app
  • Ensure the URL to receive the POST request is publicly accessible

Related Documentation

Extension points